##############################################################
#
# cf.services : local network service configuration
#
###############################################################

###
#
# BEGIN cf.services
#
###

# Overview (added in review): this file distributes the NFS share table and
# the TCP-wrapper access lists, links mail/DNS/rsync configuration into
# place, edits /etc/services, /etc/shells and /etc/inetd.conf, supervises
# daemons, fixes permissions and rotates logs. The order in which the
# sections run is set by the actionsequence, which is not in this file.

copy:

  nexus::

    # Solaris share table; the shareall command below (re)exports what it lists.

    /local/iu/etc/dfstab dest=/etc/dfs/dfstab

###############################################################

shellcommands:

  nexus|dax::

    # Clear a bad RPC channel. Someone using a bad port number?

    "/usr/sbin/shareall"

###############################################################

copy:

    # No class prefix: hosts.deny goes to every host. Both wrapper files are
    # fetched with server=nexus, so the tcpd policy on every host is only as
    # trustworthy as nexus and the copy channel to it.
    # NOTE(review): dax gets its own hosts.allow.dax; keep it under the same
    # review as the general hosts.allow.

    /local/iu/etc/hosts.deny dest=/etc/hosts.deny mode=644 server=nexus

  !dax::

    /local/iu/etc/hosts.allow dest=/etc/hosts.allow mode=644 server=nexus

  dax::

    /local/iu/etc/hosts.allow.dax dest=/etc/hosts.allow mode=644 server=nexus

###############################################################

links:

  # NOTE(review): this class is spelled "NameServers" here and "Nameservers"
  # in the files: section. Class names are presumably case-sensitive, so one
  # of the two stanzas may never match - confirm against the group
  # definitions.

  NameServers::

    /etc/named.conf -> /local/iu/dns/named.conf

  # "->!" forces the link, replacing whatever already sits at the left-hand
  # path, so a locally edited sendmail.cf is overwritten by the managed one.

  MailHub::

    /etc/mail/sendmail.cf ->! /iu/nexus/local/iu/mail/sendmail.cf

  MailClients.solaris::

    /etc/mail/sendmail.cf ->! /iu/nexus/local/iu/mail/nullclient.cf

  #
  # Sendmail, restricted shell needs these links
  #
  # The links in /usr/adm/sm.bin are the only programs the restricted shell
  # lets mail run. robot04 and flist resolve into /iu/nexus/ua and
  # /iu/nexus/ud.
  # NOTE(review): those look like user-owned areas; whoever can write the
  # link targets controls what mail delivery executes - verify ownership and
  # modes of the targets.
  #

  solaris::

    # Most of these will only be run on the MailHost
    # but flist (procmail) is run during sending...

    /usr/adm/sm.bin/vacation -> /usr/ucb/vacation
    /usr/adm/sm.bin/robot04 -> /iu/nexus/ua/robot/robot04
    /usr/adm/sm.bin/flist -> /iu/nexus/ud/listmgr/.bin/flist

  linux::

    /usr/adm/sm.bin/vacation -> /usr/bin/vacation

  nexus::

    # Mirroring
    # This rsyncd.conf governs the root-run "rsync --daemon" entry added to
    # inetd.conf below; module paths and access lists live in that file.

    /etc/rsyncd.conf -> /local/iu/etc/rsyncd.conf

###############################################################

editfiles:

  # Register the cfengine service port name on every host.

  { /etc/services

    AppendIfNoSuchLine "cfengine 5308/tcp"
  }

  FTPserver::

  # Extra entries in /etc/shells; ftpd normally refuses logins for accounts
  # whose shell is not listed there, so this widens who may use ftp.

  { /etc/shells

    AppendIfNoSuchLine "/bin/tcsh"
    AppendIfNoSuchLine "/local/gnu/bin/bash"
  }

  # Put ftp behind the TCP wrapper: the server path becomes tcpd and the
  # daemon name in.ftpd becomes ftpd. ReplaceAll rewrites every occurrence
  # of those strings in the file, not only the ftp line.

  { /etc/inetd.conf

    ReplaceAll "/local/etc/ftpd" With "/local/iu/sbin/tcpd"
    ReplaceAll "in.ftpd" With "ftpd"
  }

  !FTPserver::

  # Hosts outside the FTPserver class get their ftp service commented out.

  { /etc/inetd.conf

    HashCommentLinesContaining "in.ftpd"
  }

  any::

  # bootp is removed everywhere ("bootp" already matches the "bootps" lines,
  # so the second delete is redundant but harmless). finger and cfinger are
  # then enabled on every host, as user nobody and behind tcpd, so who can
  # query them is decided by hosts.allow / hosts.deny above.
  # NOTE(review): finger discloses account and login information; confirm
  # the wrapper rules limit it to the intended networks.

  { /etc/inetd.conf

    DeleteLinesContaining "bootp"
    DeleteLinesContaining "bootps"
    AppendIfNoSuchLine "finger stream tcp nowait nobody /local/iu/sbin/tcpd in.fingerd"
    AppendIfNoSuchLine "cfinger stream tcp nowait nobody /local/iu/sbin/tcpd in.cfingerd"
  }

  nexus::

  # smbd and nmbd are started by inetd directly, not through tcpd, so the
  # hosts.allow / hosts.deny files do not apply to them via the wrapper; any
  # network restriction has to come from Samba's own configuration.
  # All three services here run as root; rsync does go through tcpd.

  { /etc/inetd.conf

    AppendIfNoSuchLine "netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd"
    AppendIfNoSuchLine "netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd"
    AppendIfNoSuchLine "rsync stream tcp nowait root /local/iu/sbin/tcpd rsync --daemon"
  }

###############################################################

processes:

  # Each quoted pattern is matched against the process listing, so a short
  # pattern such as "bootp" or "snmp" hits any process whose listing line
  # contains it. inetd is sent HUP so it re-reads the edited inetd.conf.
  # NOTE(review): the sendmail and fingerd restart lines do not set
  # useshell=false, unlike the other restart lines in this section - confirm
  # that is intended.

  "bootp" signal=kill
  "inetd" signal=hup
  "sendmail" matches=>1 restart "/usr/lib/sendmail -bd -q15"

  #
  # Try to clear cfd zombies
  #

  "zombie" include=cfd define=cfdzombie

  cfdzombie::

  "cfd" signal=kill restart "/local/gnu/bin/cfd -m" useshell=false

  !cfdzombie::

  "cfd" restart "/local/gnu/bin/cfd -m" useshell=false

  any::

  # sshd is restarted from a version-pinned directory, so the daemon only
  # changes when this path is edited. ssh 1.2.x speaks SSH protocol 1 only,
  # which is deprecated; plan the move to a protocol-2 sshd and update this
  # line with it.
  # snmp, powerd and mibiisa are killed on every host to keep unused
  # services off the network.

  "sshd" restart "/local/ssh-1.2.26/sshd" useshell=false
  "snmp" signal=kill
  "powerd" signal=kill
  "mibiisa" signal=kill

  nexus::

  "fingerd" matches=1 restart "/local/etc/fingerd"
  "named" matches=>1 restart "/local/iu/bind/bin/named" useshell=false
  "httpd" matches=>1 restart "/local/iu/sbin/apachectl start" useshell=false inform=true

  !nexus::

  # Only nexus may run a web server: anything matching httpd or apache on
  # other hosts is killed and reported (inform=true).

  "httpd" signal=kill inform=true
  "apache" signal=kill inform=true

###############################################################

files:

  # Sendmail
  # The restricted-shell program directory is kept read/execute only (555),
  # owned by root.

  /usr/adm/sm.bin mode=555 o=root g=other act=fixdirs

  MailHub::

  /local/iu/mail/sendmail.cf o=root m=444 act=fixplain

  # NOTE(review): spelled "Nameservers" here but "NameServers" in links: -
  # confirm which spelling the class definition uses.
  # Fixserial is made executable (755) with no owner given, so its ownership
  # is left as found - verify that only root can modify it.

  Nameservers::

  /local/iu/dns/pz o=root m=644 act=fixall r=1
  /local/iu/dns/pz/Fixserial m=755 action=fixplain

  WWWServers.Rest.Hr00::

  # NOTE(review): 664 with g=www makes the whole Apache configuration tree
  # group-writable. If the web server's worker processes run with group www,
  # a compromised worker could rewrite its own configuration - confirm which
  # accounts are in www.

  /local/iu/etc/apache m=664 o=root g=www act=fixall r=inf

  FTPserver::

  #
  # Make sure anonymous ftp areas have the correct
  # protection, or logins won't be able to read
  # files - or perhaps a security risk. This is
  # solaris 2 specific...
  #
  # etc and the bundled ls are execute-only (111); dev and usr are
  # read/execute (555); everything listed with an owner is root-owned, so
  # the ftp account cannot alter its own chroot tools.
  # NOTE(review): the recursive pub line sets mode only, not owner, so files
  # below pub keep whatever owner they arrived with - confirm that is
  # intended.
  #

  $(ftp)/pub mode=644 o=root g=other act=fixall
  $(ftp)/pub mode=644 act=fixall r=inf
  $(ftp)/etc mode=111 o=root g=other act=fixdirs
  $(ftp)/usr/bin/ls mode=111 o=root g=other act=fixall
  $(ftp)/dev mode=555 o=root g=other act=fixall
  $(ftp)/usr mode=555 o=root g=other act=fixdirs

###############################################################

disable:

  #
  # We run Berkeley sendmail and the config files are
  # all under /iu/nexus/local/lib/mail
  #

  /etc/aliases

  nexus.Tuesday.Hr00::

  #
  # Disabling these log files weekly prevents them from
  # growing so enormous that they fill the disk!
  #
  # NOTE(review): only access_log keeps earlier generations (rotate=2);
  # rotate=empty appears to truncate agent_log, error_log and referer_log
  # with no copy kept, so at most a week of web error history is available
  # for incident investigation - confirm and forward these logs elsewhere if
  # longer retention is needed.
  #

  /local/iu/httpd/logs/access_log rotate=2
  /local/iu/httpd/logs/agent_log rotate=empty
  /local/iu/httpd/logs/error_log rotate=empty
  /local/iu/httpd/logs/referer_log rotate=empty

  FTPserver.Sunday.All::

  # FTP transfer log: three generations kept.

  /local/iu/logs/xferlog rotate=3

###
#
# END cf.services
#
###